Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7ecbdcc88578d6cb28cb1643109a2e21' = '"%APPDATA%\systeminfo.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7ecbdcc88578d6cb28cb1643109a2e21' = '"%APPDATA%\systeminfo.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\7ecbdcc88578d6cb28cb1643109a2e21.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\systeminfo.exe" "systeminfo.exe" ENABLE
- %APPDATA%\systeminfo.exe
- 'sy####o.no-ip.biz':1177
- http://pa###bin.com/raw/A1tt5PXY
- DNS ASK pa###bin.com
- DNS ASK sy####o.no-ip.biz
- '%APPDATA%\systeminfo.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\systeminfo.exe" "systeminfo.exe" ENABLE (with hidden window)